authorPeter Wu <peter@lekensteyn.nl>2017-03-17 16:56:38 +0100
committerMichael Mann <mmann78@netscape.net>2017-03-20 23:51:23 +0000
commitf6e04681fcae10c01ceaba79be73642bc44faec1 (patch)
treebb1b4e5db7a37bfe8ea34ef36ee526ec783bcf06 /epan
parentf033925557c6d91d00273de4d0e3ddad5ab21d87 (diff)
TLS13: add oid_filters(48) extension for draft -19
Change-Id: I80b05bc81e77a70f2e0c8e1fe706ce5bd0a33981 Ping-Bug: 12779 Reviewed-on: https://code.wireshark.org/review/20593 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
Diffstat (limited to 'epan')
-rw-r--r--epan/dissectors/packet-ssl-utils.c71
-rw-r--r--epan/dissectors/packet-ssl-utils.h31
2 files changed, 100 insertions, 2 deletions
diff --git a/epan/dissectors/packet-ssl-utils.c b/epan/dissectors/packet-ssl-utils.c
index b19eedf963..a61aeb0c7a 100644
--- a/epan/dissectors/packet-ssl-utils.c
+++ b/epan/dissectors/packet-ssl-utils.c
@@ -41,6 +41,7 @@
#include <epan/expert.h>
#include <epan/asn1.h>
#include <epan/proto_data.h>
+#include <epan/oids.h>
#include <wsutil/filesystem.h>
#include <wsutil/file_util.h>
@@ -49,6 +50,7 @@
#include <wsutil/pint.h>
#include <wsutil/strtoi.h>
#include <ws_version_info.h>
+#include "packet-ber.h"
#include "packet-x509af.h"
#include "packet-x509if.h"
#include "packet-ssl-utils.h"
@@ -1187,6 +1189,7 @@ const value_string tls_hello_extension_types[] = {
{ SSL_HND_HELLO_EXT_COOKIE, "cookie" }, /* TLS 1.3 https://tools.ietf.org/html/draft-ietf-tls-tls13 */
{ SSL_HND_HELLO_EXT_PSK_KEY_EXCHANGE_MODES, "psk_key_exchange_modes" }, /* TLS 1.3 https://tools.ietf.org/html/draft-ietf-tls-tls13 */
{ SSL_HND_HELLO_EXT_CERTIFICATE_AUTHORITIES, "certificate_authorities" }, /* https://tools.ietf.org/html/draft-ietf-tls-tls13-19#section-4.2.3.1 */
+ { SSL_HND_HELLO_EXT_OID_FILTERS, "oid_filters" }, /* https://tools.ietf.org/html/draft-ietf-tls-tls13-19#section-4.3.2.1 */
{ SSL_HND_HELLO_EXT_NPN, "next_protocol_negotiation"}, /* https://tools.ietf.org/id/draft-agl-tls-nextprotoneg-03.html */
{ SSL_HND_HELLO_EXT_CHANNEL_ID_OLD, "channel_id_old" }, /* http://tools.ietf.org/html/draft-balfanz-tls-channelid-00
https://twitter.com/ericlaw/status/274237352531083264 */
@@ -6387,6 +6390,71 @@ ssl_dissect_hnd_hello_ext_certificate_authorities(ssl_common_dissect_t *hf, tvbu
}
static gint
+ssl_dissect_hnd_hello_ext_oid_filters(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo,
+ proto_tree *tree, guint32 offset, guint32 offset_end)
+{
+ /* https://tools.ietf.org/html/draft-ietf-tls-tls13-19#section-4.3.2.1
+ * struct {
+ * opaque certificate_extension_oid<1..2^8-1>;
+ * opaque certificate_extension_values<0..2^16-1>;
+ * } OIDFilter;
+ * struct {
+ * OIDFilter filters<0..2^16-1>;
+ * } OIDFilterExtension;
+ */
+ proto_tree *subtree;
+ guint32 filters_length, oid_length, values_length, value_offset;
+ asn1_ctx_t asn1_ctx;
+ const char *oid, *name;
+
+ /* OIDFilter filters<0..2^16-1> */
+ if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &filters_length,
+ hf->hf.hs_ext_psk_ke_modes_length, 0, G_MAXUINT16)) {
+ return offset_end;
+ }
+ offset += 2;
+ offset_end = offset + filters_length;
+
+ asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
+
+ while (offset < offset_end) {
+ subtree = proto_tree_add_subtree(tree, tvb, offset, offset_end - offset,
+ hf->ett.hs_ext_oid_filter, NULL, "OID Filter");
+
+ /* opaque certificate_extension_oid<1..2^8-1> */
+ if (!ssl_add_vector(hf, tvb, pinfo, subtree, offset, offset_end, &oid_length,
+ hf->hf.hs_ext_oid_filters_oid_length, 1, G_MAXUINT8)) {
+ return offset_end;
+ }
+ offset++;
+ dissect_ber_object_identifier_str(FALSE, &asn1_ctx, subtree, tvb, offset,
+ hf->hf.hs_ext_oid_filters_oid, &oid);
+ offset += oid_length;
+
+ /* Append OID to tree label */
+ name = oid_resolved_from_string(wmem_packet_scope(), oid);
+ proto_item_append_text(subtree, " (%s)", name ? name : oid);
+
+ /* opaque certificate_extension_values<0..2^16-1> */
+ if (!ssl_add_vector(hf, tvb, pinfo, subtree, offset, offset_end, &values_length,
+ hf->hf.hs_ext_oid_filters_values_length, 0, G_MAXUINT16)) {
+ return offset_end;
+ }
+ offset += 2;
+ proto_item_set_len(subtree, 1 + oid_length + 2 + values_length);
+ if (values_length > 0) {
+ value_offset = offset;
+ value_offset = dissect_ber_identifier(pinfo, subtree, tvb, value_offset, NULL, NULL, NULL);
+ value_offset = dissect_ber_length(pinfo, subtree, tvb, value_offset, NULL, NULL);
+ call_ber_oid_callback(oid, tvb, value_offset, pinfo, subtree, NULL);
+ }
+ offset += values_length;
+ }
+
+ return offset;
+}
+
+static gint
ssl_dissect_hnd_hello_ext_server_name(ssl_common_dissect_t *hf, tvbuff_t *tvb,
packet_info *pinfo, proto_tree *tree,
guint32 offset, guint32 offset_end)
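Review bot: The outer `filters<0..2^16-1>` vector in ssl_dissect_hnd_hello_ext_oid_filters is added with `hf->hf.hs_ext_psk_ke_modes_length`, which looks like a copy-paste slip. The length is then shown under the PSK key-exchange-modes field, and the `hs_ext_oid_filters_length` field this commit registers in packet-ssl-utils.h is never used. The argument line should read `hf->hf.hs_ext_oid_filters_length, 0, G_MAXUINT16)) {`. Separately, both BER steps run on the full `tvb`: the return value of `dissect_ber_object_identifier_str` is discarded and `offset` is advanced by `oid_length`, so a BER length that disagrees with the TLS-declared `oid_length` is not detected. `call_ber_oid_callback` likewise gets `tvb` at `value_offset` with nothing limiting it to `values_length`, so on a malformed packet the callback can presumably dissect bytes belonging to the next filter. Passing it `tvb_new_subset_length(tvb, offset, values_length)` and adding an expert info when the OID dissector's end offset differs from `offset + oid_length` would keep each parser inside its declared field.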
@@ -7820,6 +7888,9 @@ ssl_dissect_hnd_extension(ssl_common_dissect_t *hf, tvbuff_t *tvb, proto_tree *t
case SSL_HND_HELLO_EXT_CERTIFICATE_AUTHORITIES:
offset = ssl_dissect_hnd_hello_ext_certificate_authorities(hf, tvb, pinfo, ext_tree, offset, next_offset);
break;
+ case SSL_HND_HELLO_EXT_OID_FILTERS:
+ offset = ssl_dissect_hnd_hello_ext_oid_filters(hf, tvb, pinfo, ext_tree, offset, next_offset);
+ break;
case SSL_HND_HELLO_EXT_NPN:
offset = ssl_dissect_hnd_hello_ext_npn(hf, tvb, pinfo, ext_tree, offset, next_offset);
break;
diff --git a/epan/dissectors/packet-ssl-utils.h b/epan/dissectors/packet-ssl-utils.h
index 918ae59945..3219cc2fac 100644
--- a/epan/dissectors/packet-ssl-utils.h
+++ b/epan/dissectors/packet-ssl-utils.h
@@ -173,6 +173,7 @@ typedef enum {
#define SSL_HND_HELLO_EXT_COOKIE 44
#define SSL_HND_HELLO_EXT_PSK_KEY_EXCHANGE_MODES 45
#define SSL_HND_HELLO_EXT_CERTIFICATE_AUTHORITIES 47
+#define SSL_HND_HELLO_EXT_OID_FILTERS 48
#define SSL_HND_HELLO_EXT_NPN 13172 /* 0x3374 */
#define SSL_HND_HELLO_EXT_CHANNEL_ID_OLD 30031 /* 0x754f */
#define SSL_HND_HELLO_EXT_CHANNEL_ID 30032 /* 0x7550 */
@@ -786,6 +787,10 @@ typedef struct ssl_common_dissect {
gint sct_sct_signature;
gint sct_sct_signature_length;
gint hs_ext_max_early_data_size;
+ gint hs_ext_oid_filters_length;
+ gint hs_ext_oid_filters_oid_length;
+ gint hs_ext_oid_filters_oid;
+ gint hs_ext_oid_filters_values_length;
/* do not forget to update SSL_COMMON_LIST_T and SSL_COMMON_HF_LIST! */
} hf;
@@ -802,6 +807,7 @@ typedef struct ssl_common_dissect {
gint hs_ext_pre_shared_key;
gint hs_ext_psk_identity;
gint hs_ext_server_name;
+ gint hs_ext_oid_filter;
gint hs_sig_hash_alg;
gint hs_sig_hash_algs;
gint urlhash;
@@ -979,11 +985,11 @@ ssl_common_dissect_t name = { \
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, \
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, \
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, \
- -1, -1, -1, -1, -1, \
+ -1, -1, -1, -1, -1, -1, -1, -1, -1, \
}, \
/* ett */ { \
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, \
- -1, -1, -1, -1, -1, -1, -1, -1, \
+ -1, -1, -1, -1, -1, -1, -1, -1, -1, \
}, \
/* ei */ { \
EI_INIT, EI_INIT, EI_INIT, EI_INIT, EI_INIT, EI_INIT, \
@@ -1659,6 +1665,26 @@ ssl_common_dissect_t name = { \
{ "Maximum Early Data Size", prefix ".early_data.max_early_data_size", \
FT_UINT32, BASE_DEC, NULL, 0x00, \
"Maximum amount of 0-RTT data that the client may send", HFILL } \
+ }, \
+ { & name .hf.hs_ext_oid_filters_length, \
+ { "OID Filters Length", prefix ".extension.oid_filters_length", \
+ FT_UINT16, BASE_DEC, NULL, 0x00, \
+ NULL, HFILL } \
+ }, \
+ { & name .hf.hs_ext_oid_filters_oid_length, \
+ { "Certificate Extension OID Length", prefix ".extension.oid_filters.oid_length", \
+ FT_UINT8, BASE_DEC, NULL, 0x00, \
+ NULL, HFILL } \
+ }, \
+ { & name .hf.hs_ext_oid_filters_oid, \
+ { "Certificate Extension OID", prefix ".extension.oid_filters.oid", \
+ FT_OID, BASE_NONE, NULL, 0x00, \
+ NULL, HFILL } \
+ }, \
+ { & name .hf.hs_ext_oid_filters_values_length, \
+ { "Certificate Extension Values Length", prefix ".extension.oid_filters.values_length", \
+ FT_UINT16, BASE_DEC, NULL, 0x00, \
+ NULL, HFILL } \
}
/* }}} */
@@ -1676,6 +1702,7 @@ ssl_common_dissect_t name = { \
& name .ett.hs_ext_pre_shared_key, \
& name .ett.hs_ext_psk_identity, \
& name .ett.hs_ext_server_name, \
+ & name .ett.hs_ext_oid_filter, \
& name .ett.hs_sig_hash_alg, \
& name .ett.hs_sig_hash_algs, \
& name .ett.urlhash, \